IPv6 on softwire

This page documents how to configure IPv6 over a L2TP softwire, which is a method used by some ISP to provide IPv6 connectivity. It assumes Barrier Breaker (OpenWRT 14.07), but the old configuration for Attitude Adjustment (12.09) is available at the end of the page.

About softwires

“softwire” is the new fancy term for network tunnels, aka encapsulation. Reasonably accurate definitions about softwires are given in RFC 4925, and RFC 5571 describes an implementation using L2TPv2.

Softwires are used as basic blocks to transport newer protocols (typically IPv6) over an older network (typically, the IPv4 core network of an ISP).

ISP using softwires to provide IPv6

Overview

This howto is derived from an experience with SFR, in France (FTTH residential access). It might applies to other ISPs as well, but you'll need to adapt IP addresses, PPP login and passwords, and so on.

In the case of SFR, steps 1 and 2 require an authentication. Fortunately, the L2TP password is hardcoded. The PPP password is not, but it's sent as cleartext, so a simple sniffing is enough to recover it.

If you need authentication at the L2TP level (before PPP), configure it in /etc/xl2tpd/xl2tp-secrets:

* * my_l2tp_password

At this point, rebooting or simply running ifup wan6 should give you a fully working IPv6 setup. To debug, look at the logs (logread) and the interfaces status (ifstatus 6pe and ifstatus wan6).

Old setup for AA

This setup is doing everything “by hand”, which might be useful for other Linux distribution as well (for instance, Debian). More precisely, we do the following:

use xl2tpd to negociate the L2TP tunnel and the PPP session: this creates a ppp0 interface

use dhcp6c to request an IPv6 prefix through DHCPv6

use radvd to distribute addresses to LAN clients from a /64 (which is automatically taken from the delegated prefix)

Of course, you are free to use other methods. Most notably, newer OpenWRT versions handle IPv6 differently. It's also possible to distribute IPv6 addresses to LAN clients using dnsmasq.

Note that SFR's CPE, the Neufbox, is running a modified version of OpenWRT. Since they publish their firmware (I used the NB6-MAIN-R3.3.4 firmware), it's possible to look at their config files (and hardcoded passwords), which greatly simplifies the task.

L2TP tunnel using xl2tpd

You need to install xl2tpd. Then, a working /etc/x2ltpd/x2ltpd.conf for SFR is:

For SFR, the PPP login seems to be dhcp/XX.XX.XX.XX@YYYYYYYYYYYY, where XX.XX.XX.XX is your public IP address, and YYYYYYYYYYYY is the MAC address of the WAN interface of the official box, without the colons.